const express = require('express');
const router = express.Router();
const departmentController = require('../controllers/department.controller');
const { authenticate, authorize } = require('../middleware/auth');

// 所有部门路由都需要认证
router.use(authenticate);

// 管理员路由
router.post('/', authorize('admin'), departmentController.createDepartment);
router.get('/', authorize('admin'), departmentController.getAllDepartments);
router.get('/:id', authorize('admin'), departmentController.getDepartmentById);
router.put('/:id', authorize('admin'), departmentController.updateDepartment);
router.delete('/:id', authorize('admin'), departmentController.deleteDepartment);
router.post('/:departmentId/users', authorize('admin'), departmentController.addUserToDepartment);
router.delete('/:departmentId/users/:userId', authorize('admin'), departmentController.removeUserFromDepartment);

module.exports = router;